So I have migrated OpenVPN server which seems simple enough, I just copied /etc/openvpn/* to the new server.
But, when I generate keys, I'm getting an error when client is connecting. I am able to successfully connect when I use my old ca.crt.
I have a few related simple questions..
- Is the ca.crt the same file that all our clients get, or is it generated per user? (I'm under the impression its the same file for each client, but i'm not 100%)
I usually generate 3 files
client.csr client.crt client.key
Inside of the .ovpn config file, it ask's for
ca.crt client.crt client.key
3. Which files does the client get that are Generated on a per-user bases, and which of those 3 files would that normally be?
I'm a little confused as to which files I need, I've done this for myself a long time ago, but now I'm being asked to do it on a grander scale and need a big more thorough understanding then, "it works".
What I think i've done in the past is rename client.csr to client.ca, but I could be wrong.
There is a ca.crt in the root of /etc/openvpn/ but it doesn't work! But, it looks like I have another entire certs tree that was abandonded under /etc/openvpn/techsupport/, but it hasn't been used since 2011! There is a ca.crt in there as well I need to try.